Please help me solve this external_url connundrum!

Prevent Gitlab from generating ssl keys

Pretty new to GitLab, so please bear with my noob question. I did search for an answer but could not find one that matches my need, so here goes.

In the process of installing GitLab in a docker container and I’m having the following challenge with external_url:

I have GitLab running inside docker and behind a local reverse proxy. The only access to GitLab is via an http://localhost:dddd where dddd is a port mapped to 80 in docker. The external access is via a URL that looks like Since the reverse proxy is mapping to http://localhost:dddd, I don’t need SSL access into GitLab. For completeness sake, I also have a wildcard SSL cert that covers both and

But here is my challenge: I’ve set external_url ‘’ and followed it by gitlab-ctl reconfigure, the reconfiguration process then tries to connect to Let’s Encrypt to get a cert for and it failed because I already have covered under the wildcard cert for

So: Is there a configuration setting in gitlab.rb that will tell the configuration process not to create the certs? From what I understand I need to set external_url to ‘’ in order for clone and maybe other responses to work properly. How can I set external_url properly without triggering the process of creating these ssl keys?

Your help and guidance is greatly appreciated!


Hi and welcome to our community!

Sounds reasonable with just mapping localhost:80 with a proxypass to the TLS termination webserver then. I just search a bit since the LetsEncrypt default was introduced somewhere in 12.x IIRC.

The docs say

do not plan on using Let’s Encrypt should set letsencrypt['enable'] = false in /etc/gitlab/gitlab.rb to disable.

Can you try that with leaving the external_url setting to https:/...?


1 Like